Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial Approximation

Shuofeng Liu, Zihan Wang, Minhui Xue, Long Wang, Yuanchao Zhang, Guangdong Bai

Research output: Chapters, Conference Papers, Creative and Literary Works > RGC 32 - Refereed conference paper (with host publication) > peer-review

2 Citations (Scopus)

Abstract

Obtaining the authorization of users (i.e., data owners) prior to data collection has become commonplace for online service providers (i.e., data processors), in light of the stringent data regulations around the world. However, it remains a challenge to uphold the principle of purpose limitation, which mandates that collected data should only be processed for the purpose that the data owner has originally authorized. In this work, we advocate algorithm specificity as a means to enforce the purpose limitation principle. We propose ALGOSPEC, which obscures data to restrict its usability solely to an authorized algorithm or algorithm group. ALGOSPEC exploits a property of polynomial approximation: given the input data and the highest order, any algorithm can be approximated by a unique polynomial. It converts the original authorized algorithm (or a part of it) into a polynomial and then creates a list of alternatives to the original data. To assess the efficacy and efficiency of ALGOSPEC, we apply it to the entropy method and Naive Bayes classification under datasets of different magnitudes, from 10^2 to 10^6 records. ALGOSPEC significantly outperforms cryptographic solutions such as fully homomorphic encryption (FHE) in efficiency. On accuracy, it achieves a negligible Mean Squared Error (MSE) of 0.289 in the entropy method against computation over plaintext data, and identical accuracy (92.11%) and a similar F1 score (87.67%) in the Naive Bayes classification.
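The abstract rests on one mathematical fact: over a fixed, finite set of distinct inputs, any algorithm's outputs are matched exactly by a single polynomial of degree below the number of inputs, and that polynomial is unique. The following is an added, self-contained illustration of that fact in exact rational arithmetic; it is not ALGOSPEC's construction (the abstract does not describe how the alternative data are derived) and the sample algorithm (a population count, chosen because it is not polynomial in form) and the eight sample inputs are constructed here for demonstration. Two independent interpolation methods, Lagrange and Newton divided differences, are used to show they produce the same coefficient vector, which is the uniqueness claim made concrete.

```python
from fractions import Fraction


def poly_mul(a, b):
    """Multiply two coefficient lists (lowest degree first)."""
    out = [Fraction(0)] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out


def poly_add(a, b):
    """Add two coefficient lists, padding the shorter one with zeros."""
    n = max(len(a), len(b))
    a = a + [Fraction(0)] * (n - len(a))
    b = b + [Fraction(0)] * (n - len(b))
    return [x + y for x, y in zip(a, b)]


def poly_eval(coeffs, x):
    """Horner evaluation of a coefficient list at x."""
    acc = Fraction(0)
    for c in reversed(coeffs):
        acc = acc * x + c
    return acc


def lagrange_coeffs(xs, ys):
    """Coefficients of the unique polynomial of degree < len(xs) through (xs[i], ys[i])."""
    xs = [Fraction(x) for x in xs]
    ys = [Fraction(y) for y in ys]
    if len(set(xs)) != len(xs):
        raise ValueError("interpolation nodes must be distinct")
    result = [Fraction(0)]
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        basis = [Fraction(1)]          # L_i(x) = prod_{j != i} (x - x_j) / (x_i - x_j)
        denom = Fraction(1)
        for j, xj in enumerate(xs):
            if j != i:
                basis = poly_mul(basis, [-xj, Fraction(1)])
                denom *= xi - xj
        result = poly_add(result, [c * yi / denom for c in basis])
    return result


def newton_coeffs(xs, ys):
    """Same polynomial via divided differences, expanded to monomial form."""
    xs = [Fraction(x) for x in xs]
    table = [Fraction(y) for y in ys]
    n = len(xs)
    dd = []                            # dd[k] = f[x_0, ..., x_k]
    for k in range(n):
        dd.append(table[0])
        table = [(table[i + 1] - table[i]) / (xs[i + k + 1] - xs[i])
                 for i in range(n - k - 1)]
    result = [Fraction(0)]
    prod = [Fraction(1)]               # prod_{j < k} (x - x_j)
    for k in range(n):
        result = poly_add(result, [c * dd[k] for c in prod])
        prod = poly_mul(prod, [-xs[k], Fraction(1)])
    return result


def popcount(n):
    """Constructed sample 'algorithm': number of set bits. Not a polynomial in n."""
    return bin(n).count("1")


# Constructed sample input set (the 'authorized' data the polynomial is fitted on).
SAMPLE_XS = [1, 2, 3, 4, 5, 6, 7, 8]


def interpolate_algorithm(algorithm, xs):
    """Replace `algorithm` by the unique polynomial agreeing with it on xs."""
    return lagrange_coeffs(xs, [algorithm(x) for x in xs])


def matches_on_nodes(coeffs, algorithm, xs):
    """True iff the polynomial reproduces the algorithm on every sample input."""
    return all(poly_eval(coeffs, x) == algorithm(x) for x in xs)


if __name__ == "__main__":
    c = interpolate_algorithm(popcount, SAMPLE_XS)
    print("degree bound:", len(c) - 1)
    print("Lagrange == Newton:", c == newton_coeffs(SAMPLE_XS, [popcount(x) for x in SAMPLE_XS]))
    print("reproduces popcount on samples:", matches_on_nodes(c, popcount, SAMPLE_XS))
```

The point for a purpose-limitation design is the converse of this fact: the fitted polynomial is only guaranteed to agree with the algorithm on the inputs it was fitted on, so whatever behaviour it has elsewhere says nothing about the original algorithm. Any scheme built on this idea has to bound the degree and the input set carefully, and the MSE and accuracy figures in the abstract are how the paper measures what that approximation costs.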

© USENIX Security Symposium 2024.  All rights reserved.
Original language: English
Title of host publication: SEC '24
Subtitle of host publication: Proceedings of the 33rd USENIX Conference on Security Symposium
Publisher: USENIX Association
Pages: 6507-6524
Number of pages: 19
ISBN (Print): 978-1-939133-44-1
Publication status: Published - Aug 2024
Externally published: Yes
Event: 33rd USENIX Security Symposium (USENIX Security '24) - Philadelphia Marriott Downtown, Philadelphia, United States
Duration: 14 Aug 2024 - 16 Aug 2024
https://www.usenix.org/conference/usenixsecurity24

Publication series

Name: Proceedings of the 33rd USENIX Security Symposium

Conference

Conference: 33rd USENIX Security Symposium (USENIX Security '24)
Place: United States
City: Philadelphia
Period: 14/08/24 - 16/08/24
Internet address: https://www.usenix.org/conference/usenixsecurity24
